Rapidly growing software company selects Expel as transparent managed security partner
Expel’s technical know-how, passion and innovative approach set it apart from traditional MSSPs
Relativity makes software that helps its more than 175,000 users organize data, discover the truth and act on it. Its comprehensive e-discovery platform is used in over 40 countries by the likes of the U.S. Department of Justice, Deloitte and NBCUniversal, more than 70 Fortune 100 companies and 199 of the Am Law 200. Relativity’s SaaS product, RelativityOne, offers all the functionality of Relativity in a secure and comprehensive SaaS product, providing users with added flexibility and extensibility during their review process for things like investigations, litigation and lawsuits. When handling billions of highly sensitive documents, security is of utmost importance both in Relativity and in RelativityOne. If Relativity couldn’t demonstrate how they keep their customers’ data secure, they’d never get a foot in the door.
I’m trusting Expel with my company. Security is about talent and passion. You can’t code these people or their abilities. There’s nothing crazy in my network right now, and with Expel I have peace of mind that nothing is going to get a chance to do much damage in the future.
Amanda Fennell, CSO
While security had always been a priority for Relativity, the company’s rapid growth and introduction of its SaaS product, RelativityOne, prompted the management team to create a new security team, which they call Calder7, led by a new Chief Security Officer (CSO), Amanda Fennell. Amanda has deep roots in the security industry and is familiar with varied options and approaches for managing security. Her first priority was figuring out which approach made sense for Relativity’s business.
According to Fennell, “You’ve got to understand your organization’s challenges before you can create a vision for security and refine it across your organization.” She spent those first few months assessing what Relativity already had in place and learning from key stakeholders. A series of nearly 50 one-on-ones with directors and vice presidents helped her understand Relativity’s key risks and identify what mattered most to stakeholders across the company.
Once the assessment phase was over, Relativity completed a gap analysis. When it came to security tools, Amanda was already using or was in the process of implementing Carbon Black, Palo Alto Networks, Recorded Future, RedLock and Splunk. All of those decisions, Amanda recalls, were made after careful review with her team and thorough analysis about what would be the best fit for Relativity, its product and its teams.
But, as she looked at what it would take to implement her vision for security, Amanda quickly came to the conclusion that she needed a partner whose full-time job was monitoring Relativity’s environment 24x7. “I just wanted some peace of mind,” Amanda recalls. “I needed someone I could trust, who had an SLA to watch our environment nonstop. I also wanted someone who had used our products across multiple environments and industries to give us a more diverse perspective.”
Relativity evaluated three different managed security providers: Symantec, Trustwave and Expel. “I wanted to look at one legacy provider and one big name that I hadn’t worked with before,” she said. “But for the third vendor, I wanted to look at a newer player that was innovative and could pivot off of my crazy ideas when I said I want to do ‘this’ or ‘that.’ Cloud is still a new enough arena that we have to be able to reject the norms of security and apply some out of boundaries thinking.”
As her team put the vendors through their evaluation process, Amanda explains, “it quickly became obvious that one of the MSSPs was barely taking us seriously because we weren’t big enough for them.” In other cases, vendors would show up to calls without people who could dig into the technical details, even when Amanda had warned them to come prepared. “Expel was different. They were totally transparent about what they were going to do for us and how it would work. It was easy for me and the technical team to understand.”
Relativity ultimately selected Expel because of their passion and approach. In explaining the decision, Amanda says it was rooted in Relativity’s core values. “We value our spirit of transparency at Relativity. That’s true across teams, as well as with our third-party partner relationships,” she said. “As I compared the capabilities and strategic direction of the traditional MSSPs and Expel, it quickly became clear that Expel was much more aligned with our own principles.”
I needed someone I could trust, who had an SLA to watch our environment nonstop. I also wanted someone who had used our products across multiple environments and industries to give us a more diverse perspective.
Amanda Fennell, CSO
How Expel helped
From the beginning, Amanda says, Relativity and Expel communicated well together, and had a shared passion. Amanda recounted how, on an early call with Expel the discussion quickly got into a detailed back and forth exchange on issues that that were top of mind for her technical team. “It was great,” she said. “I just muted the line and they solved it.”
That ease of communication has yielded dividends. Recounting one example of how closely the teams collaborate, Amanda recalls, “It was two a.m. and it was the first time we’d had an incident of interest to examine. Expel alerted on it, and I was able to jump on our Slack channel with the Expel analysts. We got to compare notes even as they were still investigating it. We moved so fast internally that we were able to put blocks in place before anything bad happened.”
In another example, Relativity observed a signature that they thought should have generated more attention from the Expel team. After raising the issue, Expel’s correlation engineer walked through Expel’s rationale and approach in detail. Through that interaction, Relativity got insight into Expel’s thinking, while Expel took the opportunity to learn more about how Relativity prefers to work.
“It’s not very often that you’ve got a Slack channel with your CSO, your analyst and your managed security provider all talking together at 2:00 AM,” Amanda observed. “It’s a great feeling. It feels like our analysts aren’t alone in the middle of the night.”
It’s not very often that you’ve got a Slack channel with your CSO, your analyst and your managed security provider all talking together at 2:00 AM … It’s a great feeling. It feels like our analysts aren’t alone in the middle of the night.
Amanda Fennell, CSO
When Relativity talks about the benefits it’s getting from its partnership with Expel, all roads lead back to Expel’s technical know-how, transparency and passion.
Benefits of partnering with Expel
- Rapid detection and response to threats
- Clear value for the money
- Cross-industry experience
- On-demand expertise
Some of the specific benefits Relativity has realized include:
Rapid detection and response to threats
One of the biggest benefits Relativity is getting is the peace of mind that comes with having a trusted partner watching their environment. When Expel detects new threats or suspicious activity they quickly investigate and resolve them. “From deeply technical team calls to midnight consults via Slack, we can see exactly what they’re doing and we really understand each other,” Amanda said. “This has produced an organic and collaborative relationship in one of the most important functions of our work: ensuring that we keep our customers’ data secure.”
Clear value for the money
Relativity is also seeing clear value for what they’re paying. They like the fact that Expel is willing to adapt the service to their environment. “The transparency means so much. There’s no haggling, no negotiations. We know exactly what Expel is doing and how they are doing it – so it’s clear to me and my technical team about exactly what we’re getting for our money,” Amanda observed.
Relativity also sees significant benefit in the experience Expel brings from working with a range of companies across different industries. They like that the Expel team aren’t “binary thinkers” who are going to blindly follow a playbook. “I like that they say ‘Hey, I think I saw something similar over here. Let me go check this out,’” Amanda said. “That doesn’t always happen at a larger MSSP. If you push others, the tendency can be to push back at customers and say ‘it is what it is’ and describe how they followed their 861 guidelines.”
Another, softer benefit, is the fact that Relativity knows they can get answers immediately. In one case, Amanda was reviewing some activity in the Expel Workbench and asked the investigating analyst for more info. The analyst flipped over to the Slack channel and within 10 seconds he was getting a response.
“I’m trusting Expel with my company. Security is about talent and passion. You can’t code these people or their abilities,” Amanda explained. “There’s nothing crazy in my network right now, and with Expel I have peace of mind that nothing is going to get a chance to do much damage in the future.”
A look ahead
Now that we have a solid foundation in place with the right monitoring, aggregation of activity, and an intel driven program Relativity is looking forward to focusing on automation and digging in with “hunt missions.” User and entity behavior analytics will bring it all together as they hone in on what “normal” is and what falls outside the norm. Just like Calder7.